[erlang-bugs] Re: PATCH - public_key should handle unknown attribute types
Dan Gudmundsson
dgud@REDACTED
Mon Jul 6 11:05:49 CEST 2009
Thanks applied.
/Dan
Will wrote:
> Odd, gmail clearly shows the diff attached, but it doesn't seem to
> have made it through the mailing list processing. Here's an inline
> copy...
>
> On Sat, Jul 4, 2009 at 11:01 AM, Will<wglozer@REDACTED> wrote:
>> Hi,
>>
>> SSL handshaking with new_ssl will fail when a certificate contains
>> attributes unknown to the public_key module. Here is a patch that
>> leaves the attribute value encoded when its type is unknown.
>>
>> -Will
>>
>
> diff -r 80795205fd0a src/pubkey_cert_records.erl
> --- a/src/pubkey_cert_records.erl Sat Jul 04 10:44:41 2009 -0700
> +++ b/src/pubkey_cert_records.erl Sat Jul 04 10:51:40 2009 -0700
> @@ -187,8 +187,11 @@
> end, Exts).
>
> transform(#'AttributeTypeAndValue'{type=Id,value=Value0} = ATAV, Func) ->
> - Type = attribute_type(Id),
> - {ok, Value} = 'OTP-PUB-KEY':Func(Type, Value0),
> + {ok, Value} =
> + case attribute_type(Id) of
> + Type when is_atom(Type) -> 'OTP-PUB-KEY':Func(Type, Value0);
> + _UnknownType -> {ok, Value0}
> + end,
> ATAV#'AttributeTypeAndValue'{value=Value};
> transform(AKI = #'AuthorityKeyIdentifier'{authorityCertIssuer=ACI},Func) ->
> AKI#'AuthorityKeyIdentifier'{authorityCertIssuer=transform(ACI,Func)};
> @@ -231,7 +234,8 @@
> attribute_type(?'id-at-serialNumber') -> 'X520SerialNumber';
> attribute_type(?'id-at-pseudonym') -> 'X520Pseudonym';
> attribute_type(?'id-domainComponent') -> 'DomainComponent';
> -attribute_type(?'id-emailAddress') -> 'EmailAddress'.
> +attribute_type(?'id-emailAddress') -> 'EmailAddress';
> +attribute_type(Type) -> Type.
>
> %%% Old code transforms
>
> ________________________________________________________________
> erlang-bugs mailing list. See http://www.erlang.org/faq.html
> erlang-bugs (at) erlang.org
>
More information about the erlang-patches
mailing list